Northeast Regional Medical Center’s parent company, Community Health Systems, was the target of a cyber attack which the hospital said led to the release of “limited personal identification data” of patients seen at physician practices and clinics affiliated with NRMC and other CHS facilities over the past five years.

CHS says the data did not include patient credit card information, but the hack did access patient names, addresses, birthdates, telephone and social security numbers. The report states CHS is contacting individuals affected by the breach and will provide them with free identity theft protection.

Community Health Systems released information about the hack in a report to the U.S. Securities and Exchange Commission on Monday. According to the report, CHS confirmed the attack in July and believes it occurred in April and June of this year. The breach included “non-medical patient identification data” belonging to 4.5 million patients who “were referred for or received services from physicians affiliated with” CHS.

“The Company and its forensic expert, Mandiant (a FireEye Company), believe the attack was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems,” the CHS report states.

A press release from Northeast Regional Medical Center called upon the U.S. federal government to help prevent such attacks.

“Many American companies and organizations have been victimized by foreign-based cyber intrusions,” the NRMC release says. “It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.”

CHS says it has worked closely with federal authorities to investigate the attack since first learning of the data breach. It has also taken steps to remove the malware and better protect its data against future attempted hacks.

“We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients,” NRMC stated in its release. “Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.”

Page 2 of 2 -

Community Health Systems operates 206 hospitals in 28 states.

According to a report by CNN, because the lost information is protected by the Health Insurance Portability and Accountability Act (HIPAA), states could sue for damages and patients could sue the hospital network for damages.